cbcvebase.

Rankmath Seo vulnerabilities

14 known vulnerabilities affecting rankmath/seo.

Total CVEs
14
CISA KEV
0
Public exploits
3
Exploited in wild
4
Severity breakdown
CRITICAL2HIGH2MEDIUM10

Vulnerabilities

Page 1 of 1
CVE-2020-11514P1CRITICALCVSS 9.8ExploitedPoC≤ 1.0.40.22020-04-07
CVE-2020-11514 [CRITICAL] CWE-862 CVE-2020-11514: The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to updat The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint.
nvd
CVE-2020-11515P1MEDIUMCVSS 6.1ExploitedPoC≤ 1.0.40.22020-04-07
CVE-2020-11515 [MEDIUM] CWE-601 CVE-2020-11515: The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to creat The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g
nvd
CVE-2024-9161P2MEDIUMCVSS 6.5ExploitedPoCfixed in 1.0.2292024-10-05
CVE-2024-9161 [MEDIUM] CWE-862 CVE-2024-9161: The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unau The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. This makes it possible for unauthenticated attackers to insert new and update existing metadata beg
nvd
CVE-2023-23888P2HIGHCVSS 8.8Exploitedfixed in 1.0.107.32024-05-17
CVE-2023-23888 [HIGH] CWE-22 CVE-2023-23888: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rank Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rank Math Rank Math SEO allows Path Traversal.This issue affects Rank Math SEO: from n/a through 1.0.107.2.
nvd
CVE-2024-9314P3HIGHCVSS 7.2fixed in 1.0.2292024-10-05
CVE-2024-9314 [HIGH] CWE-502 CVE-2024-9314: The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'set_redirections' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No kno
nvd
CVE-2022-36376P3CRITICALCVSS 9.8≤ 1.0.952022-09-09
CVE-2022-36376 [CRITICAL] CWE-918 CVE-2022-36376: Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress. Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress.
nvd
CVE-2019-14786P4MEDIUMCVSS 6.5fixed in 1.0.27.12019-08-15
CVE-2019-14786 [MEDIUM] CWE-862 CVE-2019-14786: The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the w The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter.
nvd
CVE-2024-13227P4MEDIUMCVSS 5.4fixed in 1.0.2362025-02-13
CVE-2024-13227 [MEDIUM] CWE-79 CVE-2024-13227: The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stor The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Rank Math API in all versions up to, and including, 1.0.235 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contri
nvd
CVE-2024-4627P4MEDIUMCVSS 5.4fixed in 1.0.2192024-07-02
CVE-2024-4627 [MEDIUM] CWE-79 CVE-2024-4627: The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings The Rank Math SEO WordPress plugin before 1.0.219 does not sanitise and escape some of its settings, which could allow users with access to the General Settings (by default admin, however such access can be given to lower roles via the Role Manager feature of the Rank Math SEO WordPress plugin before 1.0.219) to perform Stored Cross-Site Scripting attac
nvd
CVE-2024-3665P4MEDIUMCVSS 5.4fixed in 1.0.2172024-04-23
CVE-2024-3665 [MEDIUM] CWE-79 CVE-2024-3665: The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scriptin The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's HowTo and FAQ widgets in all versions up to, and including, 1.0.216 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level acce
nvd
CVE-2024-4335P4MEDIUMCVSS 5.4fixed in 1.0.2182024-05-14
CVE-2024-4335 [MEDIUM] CWE-79 CVE-2024-4335: The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scr The Rank Math SEO with AI Best SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textAlign’ parameter in versions up to, and including, 1.0.217 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitra
nvd
CVE-2024-2536P4MEDIUMCVSS 5.4fixed in 1.0.2152024-04-09
CVE-2024-2536 [MEDIUM] CWE-20 CVE-2024-2536: The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scriptin The Rank Math SEO with AI SEO Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HowTo block attributes in all versions up to, and including, 1.0.214 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and a
nvd
CVE-2023-32600P4MEDIUMCVSS 5.4fixed in 1.0.119.12023-08-06
CVE-2023-32600 [MEDIUM] CWE-79 CVE-2023-32600: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0. Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions.
nvd
CVE-2024-13229P4MEDIUMCVSS 4.3fixed in 1.0.2362025-02-13
CVE-2024-13229 [MEDIUM] CWE-284 CVE-2024-13229: The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unau The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the update_metadata() function in all versions up to, and including, 1.0.235. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete any schema
nvd
Rankmath Seo vulnerabilities | cvebase